From cddd707fada6b2778f7d6d0667b8c47e3eb43d56 Mon Sep 17 00:00:00 2001 From: Samuel Burnham <45365069+samuelburnham@users.noreply.github.com> Date: Wed, 10 May 2023 15:15:17 -0400 Subject: [PATCH] chore: update to ff/group 0.13 (#166) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: update to ff/group 0.13 and associated dependencies Updates: - zkcrypto/ff, zkcrypto/group to 0.13, - bellperson to 0.25, - pasta_curves to 0.5.1, and removes the fil_pasta_curves fork - pasta-msm should no longer need a fork (WIP) Adapts source in function, mostly for const usage and API updates. * expose the portable feature of pasta-MSM * update pointer to pasta-msm * Clippy --------- Co-authored-by: François Garillot --- Cargo.toml | 12 ++-- examples/signature.rs | 6 +- src/bellperson/mod.rs | 4 +- src/bellperson/r1cs.rs | 2 +- src/bellperson/shape_cs.rs | 6 +- src/bellperson/solver.rs | 2 +- src/circuit.rs | 8 +-- src/gadgets/ecc.rs | 60 +++++++++-------- src/gadgets/nonnative/bignat.rs | 37 +++++------ src/gadgets/nonnative/util.rs | 16 ++--- src/gadgets/r1cs.rs | 16 ++--- src/gadgets/utils.rs | 50 +++++++-------- src/lib.rs | 74 ++++++++++----------- src/provider/ipa_pc.rs | 16 ++--- src/provider/pasta.rs | 8 +-- src/provider/pedersen.rs | 4 +- src/provider/poseidon.rs | 4 +- src/r1cs.rs | 42 ++++++------ src/spartan/mod.rs | 38 +++++------ src/spartan/polynomial.rs | 20 +++--- src/spartan/pp.rs | 110 ++++++++++++++++---------------- src/spartan/sumcheck.rs | 14 ++-- 22 files changed, 275 insertions(+), 274 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 78a6d00..2036d1c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,8 +11,8 @@ license-file = "LICENSE" keywords = ["zkSNARKs", "cryptography", "proofs"] [dependencies] -bellperson = { version = "0.24", default-features = false } -ff = { version = "0.12.0", features = ["derive"] } +bellperson = { version = "0.25", default-features = false } +ff = { version = "0.13.0", features = ["derive"] } digest = "0.8.1" sha3 = "0.8.2" rayon = "1.3.0" @@ -20,8 +20,8 @@ rand_core = { version = "0.6.0", default-features = false } rand_chacha = "0.3" itertools = "0.9.0" subtle = "2.4" -pasta_curves = { version = "0.5.2", features = ["repr-c", "serde"], package = "fil_pasta_curves" } -neptune = { version = "8.1.0", default-features = false } +pasta_curves = { version = "0.5", features = ["repr-c", "serde"] } +neptune = { version = "9.0.0", default-features = false } generic-array = "0.14.4" num-bigint = { version = "0.4", features = ["serde", "rand"] } num-traits = "0.2" @@ -34,7 +34,7 @@ byteorder = "1.4.3" thiserror = "1.0" [target.'cfg(any(target_arch = "x86_64", target_arch = "aarch64"))'.dependencies] -pasta-msm = { version = "0.1.0", package = "lurk-pasta-msm" } +pasta-msm = { version = "0.1.4" } [dev-dependencies] criterion = "0.3.1" @@ -51,5 +51,7 @@ harness = false [features] default = [] +# Compiles in portable mode, w/o ISA extensions => binary can be executed on all systems. +portable = ["pasta-msm/portable"] cuda = ["neptune/cuda", "neptune/pasta", "neptune/arity24"] opencl = ["neptune/opencl", "neptune/pasta", "neptune/arity24"] diff --git a/examples/signature.rs b/examples/signature.rs index 262d84f..2410160 100644 --- a/examples/signature.rs +++ b/examples/signature.rs @@ -73,7 +73,7 @@ where } fn mul_bits>(s: &G::Scalar, bits: BitIterator) -> G::Scalar { - let mut x = G::Scalar::zero(); + let mut x = G::Scalar::ZERO; for bit in bits { x = x.double(); @@ -88,14 +88,14 @@ where assert_eq!(digest.len(), 64); let mut bits: [u64; 8] = [0; 8]; LittleEndian::read_u64_into(digest, &mut bits); - Self::mul_bits(&G::Scalar::one(), BitIterator::new(bits)) + Self::mul_bits(&G::Scalar::ONE, BitIterator::new(bits)) } pub fn to_uniform_32(digest: &[u8]) -> G::Scalar { assert_eq!(digest.len(), 32); let mut bits: [u64; 4] = [0; 4]; LittleEndian::read_u64_into(digest, &mut bits); - Self::mul_bits(&G::Scalar::one(), BitIterator::new(bits)) + Self::mul_bits(&G::Scalar::ONE, BitIterator::new(bits)) } pub fn hash_to_scalar(persona: &[u8], a: &[u8], b: &[u8]) -> G::Scalar { diff --git a/src/bellperson/mod.rs b/src/bellperson/mod.rs index 65450d7..6686fa2 100644 --- a/src/bellperson/mod.rs +++ b/src/bellperson/mod.rs @@ -20,7 +20,7 @@ mod tests { cs: &mut CS, ) -> Result<(), SynthesisError> { // get two bits as input and check that they are indeed bits - let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::one()))?; + let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::ONE))?; let _ = a.inputize(cs.namespace(|| "a is input")); cs.enforce( || "check a is 0 or 1", @@ -28,7 +28,7 @@ mod tests { |lc| lc + a.get_variable(), |lc| lc, ); - let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Fr::one()))?; + let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Fr::ONE))?; let _ = b.inputize(cs.namespace(|| "b is input")); cs.enforce( || "check b is 0 or 1", diff --git a/src/bellperson/r1cs.rs b/src/bellperson/r1cs.rs index 85b939a..56710f7 100644 --- a/src/bellperson/r1cs.rs +++ b/src/bellperson/r1cs.rs @@ -102,7 +102,7 @@ fn add_constraint( ) { let (A, B, C, nn) = X; let n = **nn; - let one = S::one(); + let one = S::ONE; let add_constraint_component = |index: Index, coeff, V: &mut Vec<_>| { match index { diff --git a/src/bellperson/shape_cs.rs b/src/bellperson/shape_cs.rs index 16cc527..1b259c8 100644 --- a/src/bellperson/shape_cs.rs +++ b/src/bellperson/shape_cs.rs @@ -73,7 +73,7 @@ fn proc_lc( for (var, &coeff) in terms.iter() { map .entry(OrderedVariable(var)) - .or_insert_with(Scalar::zero) + .or_insert_with(|| Scalar::ZERO) .add_assign(&coeff); } @@ -144,7 +144,7 @@ where writeln!(s, "INPUT {}", &input).unwrap() } - let negone = -::one(); + let negone = -::ONE; let powers_of_two = (0..G::Scalar::NUM_BITS) .map(|i| G::Scalar::from(2u64).pow_vartime([u64::from(i)])) @@ -161,7 +161,7 @@ where } is_first = false; - if coeff != ::one() && coeff != negone { + if coeff != ::ONE && coeff != negone { for (i, x) in powers_of_two.iter().enumerate() { if x == &coeff { write!(s, "2^{i} . ").unwrap(); diff --git a/src/bellperson/solver.rs b/src/bellperson/solver.rs index c350d66..ac86d3b 100644 --- a/src/bellperson/solver.rs +++ b/src/bellperson/solver.rs @@ -91,7 +91,7 @@ where type Root = Self; fn new() -> Self { - let input_assignment = vec![G::Scalar::one()]; + let input_assignment = vec![G::Scalar::ONE]; let mut d = DensityTracker::new(); d.add_element(); diff --git a/src/circuit.rs b/src/circuit.rs index 0b6d52c..9f6b858 100644 --- a/src/circuit.rs +++ b/src/circuit.rs @@ -146,7 +146,7 @@ impl> NovaAugmentedCircuit { .collect::>, _>>()?; // Allocate zi. If inputs.zi is not provided (base case) allocate default value 0 - let zero = vec![G::Base::zero(); arity]; + let zero = vec![G::Base::ZERO; arity]; let z_i = (0..arity) .map(|i| { AllocatedNum::alloc(cs.namespace(|| format!("zi_{i}")), || { @@ -318,7 +318,7 @@ impl> Circuit<::Base> // Compute i + 1 let i_new = AllocatedNum::alloc(cs.namespace(|| "i + 1"), || { - Ok(*i.get_value().get()? + G::Base::one()) + Ok(*i.get_value().get()? + G::Base::ONE) })?; cs.enforce( || "check i + 1", @@ -417,7 +417,7 @@ mod tests { assert_eq!(cs.num_constraints(), 10347); // Execute the base case for the primary - let zero1 = <::Base as Field>::zero(); + let zero1 = <::Base as Field>::ZERO; let mut cs1: SatisfyingAssignment = SatisfyingAssignment::new(); let inputs1: NovaAugmentedCircuitInputs = NovaAugmentedCircuitInputs::new( shape2.get_digest(), @@ -441,7 +441,7 @@ mod tests { assert!(shape1.is_sat(&ck1, &inst1, &witness1).is_ok()); // Execute the base case for the secondary - let zero2 = <::Base as Field>::zero(); + let zero2 = <::Base as Field>::ZERO; let mut cs2: SatisfyingAssignment = SatisfyingAssignment::new(); let inputs2: NovaAugmentedCircuitInputs = NovaAugmentedCircuitInputs::new( shape1.get_digest(), diff --git a/src/gadgets/ecc.rs b/src/gadgets/ecc.rs index 4b8adff..47b10d3 100644 --- a/src/gadgets/ecc.rs +++ b/src/gadgets/ecc.rs @@ -43,16 +43,16 @@ where CS: ConstraintSystem, { let x = AllocatedNum::alloc(cs.namespace(|| "x"), || { - Ok(coords.map_or(G::Base::zero(), |c| c.0)) + Ok(coords.map_or(G::Base::ZERO, |c| c.0)) })?; let y = AllocatedNum::alloc(cs.namespace(|| "y"), || { - Ok(coords.map_or(G::Base::zero(), |c| c.1)) + Ok(coords.map_or(G::Base::ZERO, |c| c.1)) })?; let is_infinity = AllocatedNum::alloc(cs.namespace(|| "is_infinity"), || { Ok(if coords.map_or(true, |c| c.2) { - G::Base::one() + G::Base::ONE } else { - G::Base::zero() + G::Base::ZERO }) })?; cs.enforce( @@ -177,9 +177,9 @@ where // NOT(NOT(self.is_ifninity) AND NOT(other.is_infinity)) let at_least_one_inf = AllocatedNum::alloc(cs.namespace(|| "at least one inf"), || { Ok( - G::Base::one() - - (G::Base::one() - *self.is_infinity.get_value().get()?) - * (G::Base::one() - *other.is_infinity.get_value().get()?), + G::Base::ONE + - (G::Base::ONE - *self.is_infinity.get_value().get()?) + * (G::Base::ONE - *other.is_infinity.get_value().get()?), ) })?; cs.enforce( @@ -193,7 +193,7 @@ where let x_diff_is_actual = AllocatedNum::alloc(cs.namespace(|| "allocate x_diff_is_actual"), || { Ok(if *equal_x.get_value().get()? { - G::Base::one() + G::Base::ONE } else { *at_least_one_inf.get_value().get()? }) @@ -215,9 +215,9 @@ where )?; let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || { - let x_diff_inv = if *x_diff_is_actual.get_value().get()? == G::Base::one() { + let x_diff_inv = if *x_diff_is_actual.get_value().get()? == G::Base::ONE { // Set to default - G::Base::one() + G::Base::ONE } else { // Set to the actual inverse (*other.x.get_value().get()? - *self.x.get_value().get()?) @@ -328,7 +328,7 @@ where // * (G::Base::from(2)) * self.y).invert().unwrap(); /*************************************************************/ - // Compute tmp = (G::Base::one() + G::Base::one())* self.y ? self != inf : 1 + // Compute tmp = (G::Base::ONE + G::Base::ONE)* self.y ? self != inf : 1 let tmp_actual = AllocatedNum::alloc(cs.namespace(|| "tmp_actual"), || { Ok(*self.y.get_value().get()? + *self.y.get_value().get()?) })?; @@ -354,9 +354,9 @@ where ); let lambda = AllocatedNum::alloc(cs.namespace(|| "alloc lambda"), || { - let tmp_inv = if *self.is_infinity.get_value().get()? == G::Base::one() { + let tmp_inv = if *self.is_infinity.get_value().get()? == G::Base::ONE { // Return default value 1 - G::Base::one() + G::Base::ONE } else { // Return the actual inverse (*tmp.get_value().get()?).invert().unwrap() @@ -622,7 +622,7 @@ where // allocate a free variable that an honest prover sets to lambda = (y2-y1)/(x2-x1) let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || { if *other.x.get_value().get()? == *self.x.get_value().get()? { - Ok(G::Base::one()) + Ok(G::Base::ONE) } else { Ok( (*other.y.get_value().get()? - *self.y.get_value().get()?) @@ -688,8 +688,8 @@ where let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || { let n = G::Base::from(3) * x_sq.get_value().get()? + G::get_curve_params().0; let d = G::Base::from(2) * *self.y.get_value().get()?; - if d == G::Base::zero() { - Ok(G::Base::one()) + if d == G::Base::ZERO { + Ok(G::Base::ONE) } else { Ok(n * d.invert().unwrap()) } @@ -803,8 +803,8 @@ mod tests { } else { // if self.x == other.x and self.y != other.y then return infinity Self { - x: G::Base::zero(), - y: G::Base::zero(), + x: G::Base::ZERO, + y: G::Base::ZERO, is_infinity: true, } } @@ -836,8 +836,8 @@ mod tests { pub fn double(&self) -> Self { if self.is_infinity { return Self { - x: G::Base::zero(), - y: G::Base::zero(), + x: G::Base::ZERO, + y: G::Base::ZERO, is_infinity: true, }; } @@ -845,9 +845,7 @@ mod tests { let lambda = G::Base::from(3) * self.x * self.x - * ((G::Base::one() + G::Base::one()) * self.y) - .invert() - .unwrap(); + * ((G::Base::ONE + G::Base::ONE) * self.y).invert().unwrap(); let x = lambda * lambda - self.x - self.x; let y = lambda * (self.x - x) - self.y; Self { @@ -859,8 +857,8 @@ mod tests { pub fn scalar_mul(&self, scalar: &G::Scalar) -> Self { let mut res = Self { - x: G::Base::zero(), - y: G::Base::zero(), + x: G::Base::ZERO, + y: G::Base::ZERO, is_infinity: true, }; @@ -985,12 +983,12 @@ mod tests { let a_p: Point = Point::new( a.x.get_value().unwrap(), a.y.get_value().unwrap(), - a.is_infinity.get_value().unwrap() == ::Base::one(), + a.is_infinity.get_value().unwrap() == ::Base::ONE, ); let e_p: Point = Point::new( e.x.get_value().unwrap(), e.y.get_value().unwrap(), - e.is_infinity.get_value().unwrap() == ::Base::one(), + e.is_infinity.get_value().unwrap() == ::Base::ONE, ); let e_new = a_p.scalar_mul(&s); assert!(e_p.x == e_new.x && e_p.y == e_new.y); @@ -1025,12 +1023,12 @@ mod tests { let a_p: Point = Point::new( a.x.get_value().unwrap(), a.y.get_value().unwrap(), - a.is_infinity.get_value().unwrap() == ::Base::one(), + a.is_infinity.get_value().unwrap() == ::Base::ONE, ); let e_p: Point = Point::new( e.x.get_value().unwrap(), e.y.get_value().unwrap(), - e.is_infinity.get_value().unwrap() == ::Base::one(), + e.is_infinity.get_value().unwrap() == ::Base::ONE, ); let e_new = a_p.add(&a_p); assert!(e_p.x == e_new.x && e_p.y == e_new.y); @@ -1047,7 +1045,7 @@ mod tests { inputize_allocted_point(&a, cs.namespace(|| "inputize a")).unwrap(); let mut b = a.clone(); b.y = AllocatedNum::alloc(cs.namespace(|| "allocate negation of a"), || { - Ok(G::Base::zero()) + Ok(G::Base::ZERO) }) .unwrap(); inputize_allocted_point(&b, cs.namespace(|| "inputize b")).unwrap(); @@ -1070,7 +1068,7 @@ mod tests { let e_p: Point = Point::new( e.x.get_value().unwrap(), e.y.get_value().unwrap(), - e.is_infinity.get_value().unwrap() == ::Base::one(), + e.is_infinity.get_value().unwrap() == ::Base::ONE, ); assert!(e_p.is_infinity); // Make sure that it is satisfiable diff --git a/src/gadgets/nonnative/bignat.rs b/src/gadgets/nonnative/bignat.rs index ddafe78..8fcf29a 100644 --- a/src/gadgets/nonnative/bignat.rs +++ b/src/gadgets/nonnative/bignat.rs @@ -249,7 +249,7 @@ impl BigNat { Ok(bignat) } - pub fn as_limbs>(&self) -> Vec> { + pub fn as_limbs(&self) -> Vec> { let mut limbs = Vec::new(); for (i, lc) in self.limbs.iter().enumerate() { limbs.push(Num::new( @@ -364,7 +364,7 @@ impl BigNat { let carry_bits = (((max_word.to_f64().unwrap() * 2.0).log2() - self.params.limb_width as f64) .ceil() + 0.1) as usize; - let mut carry_in = Num::new(Some(Scalar::zero()), LinearCombination::zero()); + let mut carry_in = Num::new(Some(Scalar::ZERO), LinearCombination::zero()); for i in 0..n { let carry = Num::alloc(cs.namespace(|| format!("carry value {i}")), || { @@ -449,10 +449,7 @@ impl BigNat { self_grouped.equal_when_carried(cs.namespace(|| "grouped"), &other_grouped) } - pub fn add>( - &self, - other: &Self, - ) -> Result, SynthesisError> { + pub fn add(&self, other: &Self) -> Result, SynthesisError> { self.enforce_limb_width_agreement(other, "add")?; let n_limbs = max(self.params.n_limbs, other.params.n_limbs); let max_word = &self.params.max_word + &other.params.max_word; @@ -617,15 +614,15 @@ impl BigNat { pub fn group_limbs(&self, limbs_per_group: usize) -> BigNat { let n_groups = (self.limbs.len() - 1) / limbs_per_group + 1; let limb_values = self.limb_values.as_ref().map(|vs| { - let mut values: Vec = vec![Scalar::zero(); n_groups]; - let mut shift = Scalar::one(); - let limb_block = (0..self.params.limb_width).fold(Scalar::one(), |mut l, _| { + let mut values: Vec = vec![Scalar::ZERO; n_groups]; + let mut shift = Scalar::ONE; + let limb_block = (0..self.params.limb_width).fold(Scalar::ONE, |mut l, _| { l = l.double(); l }); for (i, v) in vs.iter().enumerate() { if i % limbs_per_group == 0 { - shift = Scalar::one(); + shift = Scalar::ONE; } let mut a = shift; a *= v; @@ -636,14 +633,14 @@ impl BigNat { }); let limbs = { let mut limbs: Vec> = vec![LinearCombination::zero(); n_groups]; - let mut shift = Scalar::one(); - let limb_block = (0..self.params.limb_width).fold(Scalar::one(), |mut l, _| { + let mut shift = Scalar::ONE; + let limb_block = (0..self.params.limb_width).fold(Scalar::ONE, |mut l, _| { l = l.double(); l }); for (i, limb) in self.limbs.iter().enumerate() { if i % limbs_per_group == 0 { - shift = Scalar::one(); + shift = Scalar::ONE; } limbs[i / limbs_per_group] = std::mem::replace(&mut limbs[i / limbs_per_group], LinearCombination::zero()) @@ -689,7 +686,7 @@ impl Polynomial { let n_product_coeffs = self.coefficients.len() + other.coefficients.len() - 1; let values = self.values.as_ref().and_then(|self_vs| { other.values.as_ref().map(|other_vs| { - let mut values: Vec = std::iter::repeat_with(Scalar::zero) + let mut values: Vec = std::iter::repeat_with(|| Scalar::ZERO) .take(n_product_coeffs) .collect(); for (self_i, self_v) in self_vs.iter().enumerate() { @@ -711,14 +708,14 @@ impl Polynomial { coefficients, values, }; - let one = Scalar::one(); - let mut x = Scalar::zero(); + let one = Scalar::ONE; + let mut x = Scalar::ZERO; for _ in 1..(n_product_coeffs + 1) { x.add_assign(&one); cs.enforce( || format!("pointwise product @ {x:?}"), |lc| { - let mut i = Scalar::one(); + let mut i = Scalar::ONE; self.coefficients.iter().fold(lc, |lc, c| { let r = lc + (i, c); i.mul_assign(&x); @@ -726,7 +723,7 @@ impl Polynomial { }) }, |lc| { - let mut i = Scalar::one(); + let mut i = Scalar::ONE; other.coefficients.iter().fold(lc, |lc, c| { let r = lc + (i, c); i.mul_assign(&x); @@ -734,7 +731,7 @@ impl Polynomial { }) }, |lc| { - let mut i = Scalar::one(); + let mut i = Scalar::ONE; product.coefficients.iter().fold(lc, |lc, c| { let r = lc + (i, c); i.mul_assign(&x); @@ -752,7 +749,7 @@ impl Polynomial { other.values.as_ref().map(|other_vs| { (0..n_coeffs) .map(|i| { - let mut s = Scalar::zero(); + let mut s = Scalar::ZERO; if i < self_vs.len() { s.add_assign(&self_vs[i]); } diff --git a/src/gadgets/nonnative/util.rs b/src/gadgets/nonnative/util.rs index fb64b9b..e0cceee 100644 --- a/src/gadgets/nonnative/util.rs +++ b/src/gadgets/nonnative/util.rs @@ -40,9 +40,9 @@ impl Bit { || "boolean", || { if *value.grab()? { - Ok(Scalar::one()) + Ok(Scalar::ONE) } else { - Ok(Scalar::zero()) + Ok(Scalar::ZERO) } }, )?; @@ -109,9 +109,9 @@ impl Num { || format!("bit {i}"), || { let r = if *v.grab()?.get_bit(i).grab()? { - Scalar::one() + Scalar::ONE } else { - Scalar::zero() + Scalar::ZERO }; Ok(r) }, @@ -132,7 +132,7 @@ impl Num { cs.enforce( || "last bit", |mut lc| { - let mut f = Scalar::one(); + let mut f = Scalar::ONE; lc = lc + &self.num; for v in bits.iter() { f = f.double(); @@ -142,7 +142,7 @@ impl Num { }, |mut lc| { lc = lc + CS::one(); - let mut f = Scalar::one(); + let mut f = Scalar::ONE; lc = lc - &self.num; for v in bits.iter() { f = f.double(); @@ -163,7 +163,7 @@ impl Num { other: &Bitvector, ) -> Result<(), SynthesisError> { let allocations = other.allocations.clone(); - let mut f = Scalar::one(); + let mut f = Scalar::ONE; let sum = allocations .iter() .fold(LinearCombination::zero(), |lc, bit| { @@ -196,7 +196,7 @@ impl Num { ) }) .collect::, _>>()?; - let mut f = Scalar::one(); + let mut f = Scalar::ONE; let sum = allocations .iter() .fold(LinearCombination::zero(), |lc, bit| { diff --git a/src/gadgets/r1cs.rs b/src/gadgets/r1cs.rs index 8a73685..2c0d33b 100644 --- a/src/gadgets/r1cs.rs +++ b/src/gadgets/r1cs.rs @@ -106,7 +106,7 @@ impl AllocatedRelaxedR1CSInstance { cs.namespace(|| "allocate X[0]"), || { Ok(f_to_nat( - &inst.clone().map_or(G::Scalar::zero(), |inst| inst.X[0]), + &inst.clone().map_or(G::Scalar::ZERO, |inst| inst.X[0]), )) }, limb_width, @@ -117,7 +117,7 @@ impl AllocatedRelaxedR1CSInstance { cs.namespace(|| "allocate X[1]"), || { Ok(f_to_nat( - &inst.clone().map_or(G::Scalar::zero(), |inst| inst.X[1]), + &inst.clone().map_or(G::Scalar::ZERO, |inst| inst.X[1]), )) }, limb_width, @@ -141,14 +141,14 @@ impl AllocatedRelaxedR1CSInstance { let X0 = BigNat::alloc_from_nat( cs.namespace(|| "allocate x_default[0]"), - || Ok(f_to_nat(&G::Scalar::zero())), + || Ok(f_to_nat(&G::Scalar::ZERO)), limb_width, n_limbs, )?; let X1 = BigNat::alloc_from_nat( cs.namespace(|| "allocate x_default[1]"), - || Ok(f_to_nat(&G::Scalar::zero())), + || Ok(f_to_nat(&G::Scalar::ZERO)), limb_width, n_limbs, )?; @@ -208,7 +208,7 @@ impl AllocatedRelaxedR1CSInstance { // Analyze X0 as limbs let X0_bn = self .X0 - .as_limbs::() + .as_limbs() .iter() .enumerate() .map(|(i, limb)| { @@ -224,7 +224,7 @@ impl AllocatedRelaxedR1CSInstance { // Analyze X1 as limbs let X1_bn = self .X1 - .as_limbs::() + .as_limbs() .iter() .enumerate() .map(|(i, limb)| { @@ -310,7 +310,7 @@ impl AllocatedRelaxedR1CSInstance { // Fold self.X[0] + r * X[0] let (_, r_0) = X0_bn.mult_mod(cs.namespace(|| "r*X[0]"), &r_bn, &m_bn)?; // add X_r[0] - let r_new_0 = self.X0.add::(&r_0)?; + let r_new_0 = self.X0.add(&r_0)?; // Now reduce let X0_fold = r_new_0.red_mod(cs.namespace(|| "reduce folded X[0]"), &m_bn)?; @@ -325,7 +325,7 @@ impl AllocatedRelaxedR1CSInstance { // Fold self.X[1] + r * X[1] let (_, r_1) = X1_bn.mult_mod(cs.namespace(|| "r*X[1]"), &r_bn, &m_bn)?; // add X_r[1] - let r_new_1 = self.X1.add::(&r_1)?; + let r_new_1 = self.X1.add(&r_1)?; // Now reduce let X1_fold = r_new_1.red_mod(cs.namespace(|| "reduce folded X[1]"), &m_bn)?; diff --git a/src/gadgets/utils.rs b/src/gadgets/utils.rs index d43497c..1262f23 100644 --- a/src/gadgets/utils.rs +++ b/src/gadgets/utils.rs @@ -24,8 +24,8 @@ where // We loop over the input bits and construct the constraint // and the field element that corresponds to the result let mut lc = LinearCombination::zero(); - let mut coeff = Scalar::one(); - let mut fe = Some(Scalar::zero()); + let mut coeff = Scalar::ONE; + let mut fe = Some(Scalar::ZERO); for bit in bits.iter() { lc = lc + (coeff, bit.get_variable()); fe = bit.get_value().map(|val| { @@ -49,7 +49,7 @@ where pub fn alloc_zero>( mut cs: CS, ) -> Result, SynthesisError> { - let zero = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::zero()))?; + let zero = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::ZERO))?; cs.enforce( || "check zero is valid", |lc| lc, @@ -63,7 +63,7 @@ pub fn alloc_zero>( pub fn alloc_one>( mut cs: CS, ) -> Result, SynthesisError> { - let one = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::one()))?; + let one = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::ONE))?; cs.enforce( || "check one is valid", |lc| lc + CS::one(), @@ -85,9 +85,9 @@ where CS: ConstraintSystem<::Base>, { AllocatedNum::alloc(cs.namespace(|| "allocate scalar as base"), || { - let input_bits = input.unwrap_or_else(G::Scalar::zero).clone().to_le_bits(); - let mut mult = G::Base::one(); - let mut val = G::Base::zero(); + let input_bits = input.unwrap_or(G::Scalar::ZERO).clone().to_le_bits(); + let mut mult = G::Base::ONE; + let mut val = G::Base::ZERO; for bit in input_bits { if bit { val += mult; @@ -101,8 +101,8 @@ where /// interepret scalar as base pub fn scalar_as_base(input: G::Scalar) -> G::Base { let input_bits = input.to_le_bits(); - let mut mult = G::Base::one(); - let mut val = G::Base::zero(); + let mut mult = G::Base::ONE; + let mut val = G::Base::ZERO; for bit in input_bits { if bit { val += mult; @@ -159,7 +159,7 @@ pub fn alloc_num_equals>( let t = AllocatedNum::alloc(cs.namespace(|| "t"), || { Ok(if *a.get_value().get()? == *b.get_value().get()? { - F::one() + F::ONE } else { (*a.get_value().get()? - *b.get_value().get()?) .invert() @@ -204,7 +204,7 @@ pub fn conditionally_select>( cs.enforce( || "conditional select constraint", |lc| lc + a.get_variable() - b.get_variable(), - |_| condition.lc(CS::one(), F::one()), + |_| condition.lc(CS::one(), F::ONE), |lc| lc + c.get_variable() - b.get_variable(), ); @@ -254,7 +254,7 @@ pub fn conditionally_select_bignat>( cs.enforce( || format!("conditional select constraint {i}"), |lc| lc + &a.limbs[i] - &b.limbs[i], - |_| condition.lc(CS::one(), F::one()), + |_| condition.lc(CS::one(), F::ONE), |lc| lc + &c.limbs[i] - &b.limbs[i], ); } @@ -270,7 +270,7 @@ pub fn conditionally_select2>( condition: &AllocatedNum, ) -> Result, SynthesisError> { let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || { - if *condition.get_value().get()? == F::one() { + if *condition.get_value().get()? == F::ONE { Ok(*a.get_value().get()?) } else { Ok(*b.get_value().get()?) @@ -296,8 +296,8 @@ pub fn select_zero_or_num2>( condition: &AllocatedNum, ) -> Result, SynthesisError> { let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || { - if *condition.get_value().get()? == F::one() { - Ok(F::zero()) + if *condition.get_value().get()? == F::ONE { + Ok(F::ZERO) } else { Ok(*a.get_value().get()?) } @@ -321,10 +321,10 @@ pub fn select_num_or_zero2>( condition: &AllocatedNum, ) -> Result, SynthesisError> { let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || { - if *condition.get_value().get()? == F::one() { + if *condition.get_value().get()? == F::ONE { Ok(*a.get_value().get()?) } else { - Ok(F::zero()) + Ok(F::ZERO) } })?; @@ -348,14 +348,14 @@ pub fn select_num_or_zero>( if *condition.get_value().get()? { Ok(*a.get_value().get()?) } else { - Ok(F::zero()) + Ok(F::ZERO) } })?; cs.enforce( || "conditional select constraint", |lc| lc + a.get_variable(), - |_| condition.lc(CS::one(), F::one()), + |_| condition.lc(CS::one(), F::ONE), |lc| lc + c.get_variable(), ); @@ -369,8 +369,8 @@ pub fn select_one_or_num2>( condition: &AllocatedNum, ) -> Result, SynthesisError> { let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || { - if *condition.get_value().get()? == F::one() { - Ok(F::one()) + if *condition.get_value().get()? == F::ONE { + Ok(F::ONE) } else { Ok(*a.get_value().get()?) } @@ -393,8 +393,8 @@ pub fn select_one_or_diff2>( condition: &AllocatedNum, ) -> Result, SynthesisError> { let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || { - if *condition.get_value().get()? == F::one() { - Ok(F::one()) + if *condition.get_value().get()? == F::ONE { + Ok(F::ONE) } else { Ok(*a.get_value().get()? - *b.get_value().get()?) } @@ -419,14 +419,14 @@ pub fn select_num_or_one>( if *condition.get_value().get()? { Ok(*a.get_value().get()?) } else { - Ok(F::one()) + Ok(F::ONE) } })?; cs.enforce( || "conditional select constraint", |lc| lc + a.get_variable() - CS::one(), - |_| condition.lc(CS::one(), F::one()), + |_| condition.lc(CS::one(), F::ONE), |lc| lc + c.get_variable() - CS::one(), ); diff --git a/src/lib.rs b/src/lib.rs index 4d86f0e..7ab0cf7 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -206,7 +206,7 @@ where let mut cs_primary: SatisfyingAssignment = SatisfyingAssignment::new(); let inputs_primary: NovaAugmentedCircuitInputs = NovaAugmentedCircuitInputs::new( pp.r1cs_shape_secondary.get_digest(), - G1::Scalar::zero(), + G1::Scalar::ZERO, z0_primary.clone(), None, None, @@ -229,7 +229,7 @@ where let mut cs_secondary: SatisfyingAssignment = SatisfyingAssignment::new(); let inputs_secondary: NovaAugmentedCircuitInputs = NovaAugmentedCircuitInputs::new( pp.r1cs_shape_primary.get_digest(), - G2::Scalar::zero(), + G2::Scalar::ZERO, z0_secondary.clone(), None, None, @@ -862,8 +862,8 @@ mod tests { None, TrivialTestCircuit::default(), TrivialTestCircuit::default(), - vec![::Scalar::zero()], - vec![::Scalar::zero()], + vec![::Scalar::ZERO], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); let recursive_snark = res.unwrap(); @@ -872,8 +872,8 @@ mod tests { let res = recursive_snark.verify( &pp, num_steps, - vec![::Scalar::zero()], - vec![::Scalar::zero()], + vec![::Scalar::ZERO], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); } @@ -909,8 +909,8 @@ mod tests { recursive_snark, circuit_primary.clone(), circuit_secondary.clone(), - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); let recursive_snark_unwrapped = res.unwrap(); @@ -919,8 +919,8 @@ mod tests { let res = recursive_snark_unwrapped.verify( &pp, i + 1, - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); @@ -935,16 +935,16 @@ mod tests { let res = recursive_snark.verify( &pp, num_steps, - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); let (zn_primary, zn_secondary) = res.unwrap(); // sanity: check the claimed output with a direct computation of the same - assert_eq!(zn_primary, vec![::Scalar::one()]); - let mut zn_secondary_direct = vec![::Scalar::zero()]; + assert_eq!(zn_primary, vec![::Scalar::ONE]); + let mut zn_secondary_direct = vec![::Scalar::ZERO]; for _i in 0..num_steps { zn_secondary_direct = CubicCircuit::default().output(&zn_secondary_direct); } @@ -983,8 +983,8 @@ mod tests { recursive_snark, circuit_primary.clone(), circuit_secondary.clone(), - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); recursive_snark = Some(res.unwrap()); @@ -997,16 +997,16 @@ mod tests { let res = recursive_snark.verify( &pp, num_steps, - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); let (zn_primary, zn_secondary) = res.unwrap(); // sanity: check the claimed output with a direct computation of the same - assert_eq!(zn_primary, vec![::Scalar::one()]); - let mut zn_secondary_direct = vec![::Scalar::zero()]; + assert_eq!(zn_primary, vec![::Scalar::ONE]); + let mut zn_secondary_direct = vec![::Scalar::ZERO]; for _i in 0..num_steps { zn_secondary_direct = CubicCircuit::default().output(&zn_secondary_direct); } @@ -1025,8 +1025,8 @@ mod tests { let res = compressed_snark.verify( &vk, num_steps, - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); } @@ -1062,8 +1062,8 @@ mod tests { recursive_snark, circuit_primary.clone(), circuit_secondary.clone(), - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); recursive_snark = Some(res.unwrap()); @@ -1076,16 +1076,16 @@ mod tests { let res = recursive_snark.verify( &pp, num_steps, - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); let (zn_primary, zn_secondary) = res.unwrap(); // sanity: check the claimed output with a direct computation of the same - assert_eq!(zn_primary, vec![::Scalar::one()]); - let mut zn_secondary_direct = vec![::Scalar::zero()]; + assert_eq!(zn_primary, vec![::Scalar::ONE]); + let mut zn_secondary_direct = vec![::Scalar::ZERO]; for _i in 0..num_steps { zn_secondary_direct = CubicCircuit::default().output(&zn_secondary_direct); } @@ -1108,8 +1108,8 @@ mod tests { let res = compressed_snark.verify( &vk, num_steps, - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); } @@ -1198,7 +1198,7 @@ mod tests { } let circuit_primary = FifthRootCheckingCircuit { - y: ::Scalar::zero(), + y: ::Scalar::ZERO, }; let circuit_secondary = TrivialTestCircuit::default(); @@ -1215,7 +1215,7 @@ mod tests { // produce non-deterministic advice let (z0_primary, roots) = FifthRootCheckingCircuit::new(num_steps); - let z0_secondary = vec![::Scalar::zero()]; + let z0_secondary = vec![::Scalar::ZERO]; // produce a recursive SNARK let mut recursive_snark: Option< @@ -1278,8 +1278,8 @@ mod tests { None, TrivialTestCircuit::default(), CubicCircuit::default(), - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); let recursive_snark = res.unwrap(); @@ -1288,14 +1288,14 @@ mod tests { let res = recursive_snark.verify( &pp, num_steps, - vec![::Scalar::one()], - vec![::Scalar::zero()], + vec![::Scalar::ONE], + vec![::Scalar::ZERO], ); assert!(res.is_ok()); let (zn_primary, zn_secondary) = res.unwrap(); - assert_eq!(zn_primary, vec![::Scalar::one()]); + assert_eq!(zn_primary, vec![::Scalar::ONE]); assert_eq!(zn_secondary, vec![::Scalar::from(5u64)]); } } diff --git a/src/provider/ipa_pc.rs b/src/provider/ipa_pc.rs index e630d8c..fa8068b 100644 --- a/src/provider/ipa_pc.rs +++ b/src/provider/ipa_pc.rs @@ -118,7 +118,7 @@ where (0..a.len()) .into_par_iter() .map(|i| a[i] * b[i]) - .reduce(T::zero, |x, y| x + y) + .reduce(|| T::ZERO, |x, y| x + y) } /// An inner product instance consists of a commitment to a vector `a` and another vector `b` @@ -323,8 +323,8 @@ where let P = U.comm_a_vec + CE::::commit(&ck_c, &[U.c]); let batch_invert = |v: &[G::Scalar]| -> Result, NovaError> { - let mut products = vec![G::Scalar::zero(); v.len()]; - let mut acc = G::Scalar::one(); + let mut products = vec![G::Scalar::ZERO; v.len()]; + let mut acc = G::Scalar::ONE; for i in 0..v.len() { products[i] = acc; @@ -332,14 +332,14 @@ where } // we can compute an inversion only if acc is non-zero - if acc == G::Scalar::zero() { + if acc == G::Scalar::ZERO { return Err(NovaError::InvalidInputLength); } // compute the inverse once for all entries acc = acc.invert().unwrap(); - let mut inv = vec![G::Scalar::zero(); v.len()]; + let mut inv = vec![G::Scalar::ZERO; v.len()]; for i in 0..v.len() { let tmp = acc * v[v.len() - 1 - i]; inv[v.len() - 1 - i] = products[v.len() - 1 - i] * acc; @@ -371,9 +371,9 @@ where // compute the vector with the tensor structure let s = { - let mut s = vec![G::Scalar::zero(); n]; + let mut s = vec![G::Scalar::ZERO; n]; s[0] = { - let mut v = G::Scalar::one(); + let mut v = G::Scalar::ONE; for r_inverse_i in &r_inverse { v *= r_inverse_i; } @@ -406,7 +406,7 @@ where &r_square .iter() .chain(r_inverse_square.iter()) - .chain(iter::once(&G::Scalar::one())) + .chain(iter::once(&G::Scalar::ONE)) .copied() .collect::>(), ) diff --git a/src/provider/pasta.rs b/src/provider/pasta.rs index bdffdd3..f67041f 100644 --- a/src/provider/pasta.rs +++ b/src/provider/pasta.rs @@ -8,12 +8,12 @@ use crate::{ traits::{CompressedGroup, Group, PrimeFieldExt, TranscriptReprTrait}, }; use digest::{ExtendableOutput, Input}; -use ff::PrimeField; +use ff::{FromUniformBytes, PrimeField}; use num_bigint::BigInt; use num_traits::Num; use pasta_curves::{ self, - arithmetic::{CurveAffine, CurveExt, FieldExt, Group as OtherGroup}, + arithmetic::{CurveAffine, CurveExt}, group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup, GroupEncoding}, pallas, vesta, Ep, EpAffine, Eq, EqAffine, }; @@ -163,7 +163,7 @@ macro_rules! impl_traits { } fn zero() -> Self { - $name::Point::group_zero() + $name::Point::identity() } fn get_generator() -> Self { @@ -174,7 +174,7 @@ macro_rules! impl_traits { impl PrimeFieldExt for $name::Scalar { fn from_uniform(bytes: &[u8]) -> Self { let bytes_arr: [u8; 64] = bytes.try_into().unwrap(); - $name::Scalar::from_bytes_wide(&bytes_arr) + $name::Scalar::from_uniform_bytes(&bytes_arr) } } diff --git a/src/provider/pedersen.rs b/src/provider/pedersen.rs index 33a8526..b5a45e1 100644 --- a/src/provider/pedersen.rs +++ b/src/provider/pedersen.rs @@ -85,9 +85,9 @@ impl AbsorbInROTrait for Commitment { ro.absorb(x); ro.absorb(y); ro.absorb(if is_infinity { - G::Base::one() + G::Base::ONE } else { - G::Base::zero() + G::Base::ZERO }); } } diff --git a/src/provider/poseidon.rs b/src/provider/poseidon.rs index 7df4620..eee606d 100644 --- a/src/provider/poseidon.rs +++ b/src/provider/poseidon.rs @@ -96,8 +96,8 @@ where // Only return `num_bits` let bits = hash[0].to_le_bits(); - let mut res = Scalar::zero(); - let mut coeff = Scalar::one(); + let mut res = Scalar::ZERO; + let mut coeff = Scalar::ONE; for bit in bits[0..num_bits].into_iter() { if *bit { res += coeff; diff --git a/src/r1cs.rs b/src/r1cs.rs index 8fed9c5..8b0e997 100644 --- a/src/r1cs.rs +++ b/src/r1cs.rs @@ -159,7 +159,7 @@ impl R1CSShape { let (row, col, val) = M[i]; (row, val * z[col]) }) - .fold(vec![G::Scalar::zero(); num_rows], |mut Mz, (r, v)| { + .fold(vec![G::Scalar::ZERO; num_rows], |mut Mz, (r, v)| { Mz[r] += v; Mz }) @@ -230,7 +230,7 @@ impl R1CSShape { // verify if Az * Bz = u*Cz let res_eq: bool = { - let z = concat(vec![W.W.clone(), vec![G::Scalar::one()], U.X.clone()]); + let z = concat(vec![W.W.clone(), vec![G::Scalar::ONE], U.X.clone()]); let (Az, Bz, Cz) = self.multiply_vec(&z)?; assert_eq!(Az.len(), self.num_cons); assert_eq!(Bz.len(), self.num_cons); @@ -269,7 +269,7 @@ impl R1CSShape { }; let (AZ_2, BZ_2, CZ_2) = { - let Z2 = concat(vec![W2.W.clone(), vec![G::Scalar::one()], U2.X.clone()]); + let Z2 = concat(vec![W2.W.clone(), vec![G::Scalar::ONE], U2.X.clone()]); self.multiply_vec(&Z2)? }; @@ -353,8 +353,8 @@ impl R1CSShape { }); // turn the bit vector into a scalar - let mut res = G::Scalar::zero(); - let mut coeff = G::Scalar::one(); + let mut res = G::Scalar::ZERO; + let mut coeff = G::Scalar::ONE; for bit in bv { if bit { res += coeff; @@ -397,11 +397,15 @@ impl R1CSShape { let apply_pad = |M: &[(usize, usize, G::Scalar)]| -> Vec<(usize, usize, G::Scalar)> { M.par_iter() .map(|(r, c, v)| { - if c >= &self.num_vars { - (*r, c + num_vars_padded - self.num_vars, *v) - } else { - (*r, *c, *v) - } + ( + *r, + if c >= &self.num_vars { + c + num_vars_padded - self.num_vars + } else { + *c + }, + *v, + ) }) .collect::>() }; @@ -490,8 +494,8 @@ impl RelaxedR1CSWitness { /// Produces a default RelaxedR1CSWitness given an R1CSShape pub fn default(S: &R1CSShape) -> RelaxedR1CSWitness { RelaxedR1CSWitness { - W: vec![G::Scalar::zero(); S.num_vars], - E: vec![G::Scalar::zero(); S.num_cons], + W: vec![G::Scalar::ZERO; S.num_vars], + E: vec![G::Scalar::ZERO; S.num_cons], } } @@ -499,7 +503,7 @@ impl RelaxedR1CSWitness { pub fn from_r1cs_witness(S: &R1CSShape, witness: &R1CSWitness) -> RelaxedR1CSWitness { RelaxedR1CSWitness { W: witness.W.clone(), - E: vec![G::Scalar::zero(); S.num_cons], + E: vec![G::Scalar::ZERO; S.num_cons], } } @@ -539,13 +543,13 @@ impl RelaxedR1CSWitness { pub fn pad(&self, S: &R1CSShape) -> RelaxedR1CSWitness { let W = { let mut W = self.W.clone(); - W.extend(vec![G::Scalar::zero(); S.num_vars - W.len()]); + W.extend(vec![G::Scalar::ZERO; S.num_vars - W.len()]); W }; let E = { let mut E = self.E.clone(); - E.extend(vec![G::Scalar::zero(); S.num_cons - E.len()]); + E.extend(vec![G::Scalar::ZERO; S.num_cons - E.len()]); E }; @@ -560,8 +564,8 @@ impl RelaxedR1CSInstance { RelaxedR1CSInstance { comm_W, comm_E, - u: G::Scalar::zero(), - X: vec![G::Scalar::zero(); S.num_io], + u: G::Scalar::ZERO, + X: vec![G::Scalar::ZERO; S.num_io], } } @@ -573,7 +577,7 @@ impl RelaxedR1CSInstance { ) -> RelaxedR1CSInstance { let mut r_instance = RelaxedR1CSInstance::default(ck, S); r_instance.comm_W = instance.comm_W; - r_instance.u = G::Scalar::one(); + r_instance.u = G::Scalar::ONE; r_instance.X = instance.X.clone(); r_instance } @@ -586,7 +590,7 @@ impl RelaxedR1CSInstance { RelaxedR1CSInstance { comm_W: *comm_W, comm_E: Commitment::::default(), - u: G::Scalar::one(), + u: G::Scalar::ONE, X: X.to_vec(), } } diff --git a/src/spartan/mod.rs b/src/spartan/mod.rs index a36ef14..87ae3eb 100644 --- a/src/spartan/mod.rs +++ b/src/spartan/mod.rs @@ -23,7 +23,7 @@ use sumcheck::SumcheckProof; fn powers(s: &G::Scalar, n: usize) -> Vec { assert!(n >= 1); let mut powers = Vec::new(); - powers.push(G::Scalar::one()); + powers.push(G::Scalar::ONE); for i in 1..n { powers.push(powers[i - 1] * s); } @@ -42,7 +42,7 @@ impl PolyEvalWitness { W.iter() .map(|w| { let mut p = w.p.clone(); - p.resize(n, G::Scalar::zero()); + p.resize(n, G::Scalar::ZERO); PolyEvalWitness { p } }) .collect() @@ -53,7 +53,7 @@ impl PolyEvalWitness { fn weighted_sum(W: &[PolyEvalWitness], s: &[G::Scalar]) -> PolyEvalWitness { assert_eq!(W.len(), s.len()); - let mut p = vec![G::Scalar::zero(); W[0].p.len()]; + let mut p = vec![G::Scalar::ZERO; W[0].p.len()]; for i in 0..W.len() { for j in 0..W[i].p.len() { p[j] += W[i].p[j] * s[i] @@ -64,7 +64,7 @@ impl PolyEvalWitness { fn batch(p_vec: &[&Vec], s: &G::Scalar) -> PolyEvalWitness { let powers_of_s = powers::(s, p_vec.len()); - let mut p = vec![G::Scalar::zero(); p_vec[0].len()]; + let mut p = vec![G::Scalar::ZERO; p_vec[0].len()]; for i in 0..p_vec.len() { for (j, item) in p.iter_mut().enumerate().take(p_vec[i].len()) { *item += p_vec[i][j] * powers_of_s[i] @@ -87,7 +87,7 @@ impl PolyEvalInstance { if let Some(ell) = U.iter().map(|u| u.x.len()).max() { U.iter() .map(|u| { - let mut x = vec![G::Scalar::zero(); ell - u.x.len()]; + let mut x = vec![G::Scalar::ZERO; ell - u.x.len()]; x.extend(u.x.clone()); PolyEvalInstance { c: u.c, x, e: u.e } }) @@ -108,7 +108,7 @@ impl PolyEvalInstance { .iter() .zip(powers_of_s.iter()) .map(|(e, p)| *e * p) - .fold(G::Scalar::zero(), |acc, item| acc + item); + .fold(G::Scalar::ZERO, |acc, item| acc + item); let c = c_vec .iter() .zip(powers_of_s.iter()) @@ -233,7 +233,7 @@ impl> RelaxedR1CSSNARKTrait G::Scalar { *poly_A_comp * (*poly_B_comp * *poly_C_comp - *poly_D_comp) }; let (sc_proof_outer, r_x, claims_outer) = SumcheckProof::prove_cubic_with_additive_term( - &G::Scalar::zero(), // claim is zero + &G::Scalar::ZERO, // claim is zero num_rounds_x, &mut poly_tau, &mut poly_Az, @@ -273,19 +273,19 @@ impl> RelaxedR1CSSNARKTrait = vec![G::Scalar::zero(); 2 * S.num_vars]; + let mut A_evals: Vec = vec![G::Scalar::ZERO; 2 * S.num_vars]; inner(&S.A, &mut A_evals); A_evals }, || { rayon::join( || { - let mut B_evals: Vec = vec![G::Scalar::zero(); 2 * S.num_vars]; + let mut B_evals: Vec = vec![G::Scalar::ZERO; 2 * S.num_vars]; inner(&S.B, &mut B_evals); B_evals }, || { - let mut C_evals: Vec = vec![G::Scalar::zero(); 2 * S.num_vars]; + let mut C_evals: Vec = vec![G::Scalar::ZERO; 2 * S.num_vars]; inner(&S.C, &mut C_evals); C_evals }, @@ -307,7 +307,7 @@ impl> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> = w_vec_padded .iter() @@ -408,7 +408,7 @@ impl> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait EqPolynomial { pub fn evaluate(&self, rx: &[Scalar]) -> Scalar { assert_eq!(self.r.len(), rx.len()); (0..rx.len()) - .map(|i| rx[i] * self.r[i] + (Scalar::one() - rx[i]) * (Scalar::one() - self.r[i])) - .fold(Scalar::one(), |acc, item| acc * item) + .map(|i| rx[i] * self.r[i] + (Scalar::ONE - rx[i]) * (Scalar::ONE - self.r[i])) + .fold(Scalar::ONE, |acc, item| acc * item) } pub fn evals(&self) -> Vec { let ell = self.r.len(); - let mut evals: Vec = vec![Scalar::zero(); (2_usize).pow(ell as u32)]; + let mut evals: Vec = vec![Scalar::ZERO; (2_usize).pow(ell as u32)]; let mut size = 1; - evals[0] = Scalar::one(); + evals[0] = Scalar::ONE; for r in self.r.iter().rev() { let (evals_left, evals_right) = evals.split_at_mut(size); @@ -82,7 +82,7 @@ impl MultilinearPolynomial { *a += *r * (*b - *a); }); - self.Z.resize(n, Scalar::zero()); + self.Z.resize(n, Scalar::ZERO); self.num_vars -= 1; } @@ -96,7 +96,7 @@ impl MultilinearPolynomial { (0..chis.len()) .into_par_iter() .map(|i| chis[i] * self.Z[i]) - .reduce(Scalar::zero, |x, y| x + y) + .reduce(|| Scalar::ZERO, |x, y| x + y) } pub fn evaluate_with(Z: &[Scalar], r: &[Scalar]) -> Scalar { @@ -105,7 +105,7 @@ impl MultilinearPolynomial { .into_par_iter() .zip(Z.into_par_iter()) .map(|(a, b)| a * b) - .reduce(Scalar::zero, |x, y| x + y) + .reduce(|| Scalar::ZERO, |x, y| x + y) } } @@ -130,12 +130,12 @@ impl SparsePolynomial { fn compute_chi(a: &[bool], r: &[Scalar]) -> Scalar { assert_eq!(a.len(), r.len()); - let mut chi_i = Scalar::one(); + let mut chi_i = Scalar::ONE; for j in 0..r.len() { if a[j] { chi_i *= r[j]; } else { - chi_i *= Scalar::one() - r[j]; + chi_i *= Scalar::ONE - r[j]; } } chi_i @@ -158,6 +158,6 @@ impl SparsePolynomial { let bits = get_bits(self.Z[i].0, r.len()); SparsePolynomial::compute_chi(&bits, r) * self.Z[i].1 }) - .reduce(Scalar::zero, |x, y| x + y) + .reduce(|| Scalar::ZERO, |x, y| x + y) } } diff --git a/src/spartan/pp.rs b/src/spartan/pp.rs index a00ba4f..4137bdb 100644 --- a/src/spartan/pp.rs +++ b/src/spartan/pp.rs @@ -53,7 +53,7 @@ impl IdentityPolynomial { assert_eq!(self.ell, r.len()); (0..self.ell) .map(|i| Scalar::from(2_usize.pow((self.ell - i - 1) as u32) as u64) * r[i]) - .fold(Scalar::zero(), |acc, item| acc + item) + .fold(Scalar::ZERO, |acc, item| acc + item) } } @@ -149,25 +149,25 @@ impl R1CSShapeSparkRepr { let val_A = { let mut val = S.A.iter().map(|(_, _, v)| *v).collect::>(); - val.resize(N, G::Scalar::zero()); + val.resize(N, G::Scalar::ZERO); val }; let val_B = { // prepend zeros - let mut val = vec![G::Scalar::zero(); S.A.len()]; + let mut val = vec![G::Scalar::ZERO; S.A.len()]; val.extend(S.B.iter().map(|(_, _, v)| *v).collect::>()); // append zeros - val.resize(N, G::Scalar::zero()); + val.resize(N, G::Scalar::ZERO); val }; let val_C = { // prepend zeros - let mut val = vec![G::Scalar::zero(); S.A.len() + S.B.len()]; + let mut val = vec![G::Scalar::ZERO; S.A.len() + S.B.len()]; val.extend(S.C.iter().map(|(_, _, v)| *v).collect::>()); // append zeros - val.resize(N, G::Scalar::zero()); + val.resize(N, G::Scalar::ZERO); val }; @@ -262,7 +262,7 @@ impl R1CSShapeSparkRepr { Vec, ) { let r_x_padded = { - let mut x = vec![G::Scalar::zero(); self.N.log_2() - r_x.len()]; + let mut x = vec![G::Scalar::ZERO; self.N.log_2() - r_x.len()]; x.extend(r_x); x }; @@ -270,7 +270,7 @@ impl R1CSShapeSparkRepr { let mem_row = EqPolynomial::new(r_x_padded).evals(); let mem_col = { let mut z = z.to_vec(); - z.resize(self.N, G::Scalar::zero()); + z.resize(self.N, G::Scalar::ZERO); z }; @@ -374,8 +374,8 @@ impl ProductSumcheckInstance { // add a dummy product operation to make the left.len() == right.len() == output.len() == input.len() left.push(output[output.len() - 1]); - right.push(G::Scalar::zero()); - output.push(G::Scalar::zero()); + right.push(G::Scalar::ZERO); + output.push(G::Scalar::ZERO); // output is stored at the last but one position let product = output[output.len() - 2]; @@ -445,7 +445,7 @@ impl ProductSumcheckInstance { impl SumcheckEngine for ProductSumcheckInstance { fn initial_claims(&self) -> Vec { - vec![G::Scalar::zero(); 8] + vec![G::Scalar::ZERO; 8] } fn degree(&self) -> usize { @@ -515,7 +515,7 @@ impl SumcheckEngine for ProductSumcheckInstance { (eval_point_0, eval_point_2, eval_point_3) }) .reduce( - || (G::Scalar::zero(), G::Scalar::zero(), G::Scalar::zero()), + || (G::Scalar::ZERO, G::Scalar::ZERO, G::Scalar::ZERO), |a, b| (a.0 + b.0, a.1 + b.1, a.2 + b.2), ); vec![eval_point_0, eval_point_2, eval_point_3] @@ -561,7 +561,7 @@ struct OuterSumcheckInstance { impl SumcheckEngine for OuterSumcheckInstance { fn initial_claims(&self) -> Vec { - vec![G::Scalar::zero()] + vec![G::Scalar::ZERO] } fn degree(&self) -> usize { @@ -623,7 +623,7 @@ impl SumcheckEngine for OuterSumcheckInstance { (eval_point_0, eval_point_2, eval_point_3) }) .reduce( - || (G::Scalar::zero(), G::Scalar::zero(), G::Scalar::zero()), + || (G::Scalar::ZERO, G::Scalar::ZERO, G::Scalar::ZERO), |a, b| (a.0 + b.0, a.1 + b.1, a.2 + b.2), ); @@ -706,7 +706,7 @@ impl SumcheckEngine for InnerSumcheckInstance { (eval_point_0, eval_point_2, eval_point_3) }) .reduce( - || (G::Scalar::zero(), G::Scalar::zero(), G::Scalar::zero()), + || (G::Scalar::ZERO, G::Scalar::ZERO, G::Scalar::ZERO), |a, b| (a.0 + b.0, a.1 + b.1, a.2 + b.2), ); @@ -860,7 +860,7 @@ impl> RelaxedR1CSSNARK .iter() .zip(coeffs.iter()) .map(|(c_1, c_2)| *c_1 * c_2) - .fold(G::Scalar::zero(), |acc, item| acc + item); + .fold(G::Scalar::ZERO, |acc, item| acc + item); let mut e = claim; let mut r: Vec = Vec::new(); @@ -875,13 +875,13 @@ impl> RelaxedR1CSSNARK let evals_combined_0 = (0..evals.len()) .map(|i| evals[i][0] * coeffs[i]) - .fold(G::Scalar::zero(), |acc, item| acc + item); + .fold(G::Scalar::ZERO, |acc, item| acc + item); let evals_combined_2 = (0..evals.len()) .map(|i| evals[i][1] * coeffs[i]) - .fold(G::Scalar::zero(), |acc, item| acc + item); + .fold(G::Scalar::ZERO, |acc, item| acc + item); let evals_combined_3 = (0..evals.len()) .map(|i| evals[i][2] * coeffs[i]) - .fold(G::Scalar::zero(), |acc, item| acc + item); + .fold(G::Scalar::ZERO, |acc, item| acc + item); let evals = vec![ evals_combined_0, @@ -1000,12 +1000,12 @@ impl> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait>(); let read_row = (0..E_row.len()) .map(|i| hash_func(&pk.S_repr.row[i], &E_row[i], &pk.S_repr.row_read_ts[i])) @@ -1102,7 +1102,7 @@ impl> RelaxedR1CSSNARKTrait>(); @@ -1117,7 +1117,7 @@ impl> RelaxedR1CSSNARKTrait>(); let init_col = (0..mem_col.len()) - .map(|i| hash_func(&G::Scalar::from(i as u64), &mem_col[i], &G::Scalar::zero())) + .map(|i| hash_func(&G::Scalar::from(i as u64), &mem_col[i], &G::Scalar::ZERO)) .collect::>(); let read_col = (0..E_col.len()) .map(|i| hash_func(&pk.S_repr.col[i], &E_col[i], &pk.S_repr.col_read_ts[i])) @@ -1127,7 +1127,7 @@ impl> RelaxedR1CSSNARKTrait>(); @@ -1190,7 +1190,7 @@ impl> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait], s: &[G::Scalar]| -> Vec { assert_eq!(W.len(), s.len()); - let mut p = vec![G::Scalar::zero(); W[0].len()]; + let mut p = vec![G::Scalar::ZERO; W[0].len()]; for i in 0..W.len() { for (j, item) in W[i].iter().enumerate().take(W[i].len()) { p[j] += *item * s[i] @@ -1265,7 +1265,7 @@ impl> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> = w_vec_padded .iter() @@ -1499,7 +1499,7 @@ impl> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> RelaxedR1CSSNARKTrait> Circuit for SpartanCircuit let arity = self.sc.arity(); // Allocate zi. If inputs.zi is not provided, allocate default value 0 - let zero = vec![G::Scalar::zero(); arity]; + let zero = vec![G::Scalar::ZERO; arity]; let z_i = (0..arity) .map(|i| { AllocatedNum::alloc(cs.namespace(|| format!("zi_{i}")), || { @@ -2248,7 +2248,7 @@ mod tests { let num_steps = 3; // setup inputs - let z0 = vec![::Scalar::zero()]; + let z0 = vec![::Scalar::ZERO]; let mut z_i = z0; for _i in 0..num_steps { diff --git a/src/spartan/sumcheck.rs b/src/spartan/sumcheck.rs index a80e56b..2952f37 100644 --- a/src/spartan/sumcheck.rs +++ b/src/spartan/sumcheck.rs @@ -93,7 +93,7 @@ impl SumcheckProof { (eval_point_0, eval_point_2) }) .reduce( - || (G::Scalar::zero(), G::Scalar::zero()), + || (G::Scalar::ZERO, G::Scalar::ZERO), |a, b| (a.0 + b.0, a.1 + b.1), ); @@ -146,8 +146,8 @@ impl SumcheckProof { let mut evals: Vec<(G::Scalar, G::Scalar)> = Vec::new(); for (poly_A, poly_B) in poly_A_vec.iter().zip(poly_B_vec.iter()) { - let mut eval_point_0 = G::Scalar::zero(); - let mut eval_point_2 = G::Scalar::zero(); + let mut eval_point_0 = G::Scalar::ZERO; + let mut eval_point_2 = G::Scalar::ZERO; let len = poly_A.len() / 2; for i in 0..len { @@ -165,10 +165,10 @@ impl SumcheckProof { let evals_combined_0 = (0..evals.len()) .map(|i| evals[i].0 * coeffs[i]) - .fold(G::Scalar::zero(), |acc, item| acc + item); + .fold(G::Scalar::ZERO, |acc, item| acc + item); let evals_combined_2 = (0..evals.len()) .map(|i| evals[i].1 * coeffs[i]) - .fold(G::Scalar::zero(), |acc, item| acc + item); + .fold(G::Scalar::ZERO, |acc, item| acc + item); let evals = vec![evals_combined_0, e - evals_combined_0, evals_combined_2]; let poly = UniPoly::from_evals(&evals); @@ -251,7 +251,7 @@ impl SumcheckProof { (eval_point_0, eval_point_2, eval_point_3) }) .reduce( - || (G::Scalar::zero(), G::Scalar::zero(), G::Scalar::zero()), + || (G::Scalar::ZERO, G::Scalar::ZERO, G::Scalar::ZERO), |a, b| (a.0 + b.0, a.1 + b.1, a.2 + b.2), ); @@ -353,7 +353,7 @@ impl UniPoly { (0..self.coeffs.len()) .into_par_iter() .map(|i| self.coeffs[i]) - .reduce(G::Scalar::zero, |a, b| a + b) + .reduce(|| G::Scalar::ZERO, |a, b| a + b) } pub fn evaluate(&self, r: &G::Scalar) -> G::Scalar {